From cohei...@apache.org
Subject svn commit: r1557765 - /cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
Date Mon, 13 Jan 2014 16:21:25 GMT
Author: coheigea
Date: Mon Jan 13 16:21:25 2014
New Revision: 1557765

URL: http://svn.apache.org/r1557765
Log:
Properly enforce SignatureProperties for streaming inbound XML Security

Modified:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java?rev=1557765&r1=1557764&r2=1557765&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
Mon Jan 13 16:21:25 2014
@@ -235,7 +235,7 @@ public class XmlSecInInterceptor impleme
             && !encryptionProperties.getEncryptionKeyTransportAlgo().equals(event.getAlgorithmURI()))
{
             throw new XMLSecurityException("empty", "The key transport algorithm "
                 + event.getAlgorithmURI() + " is not allowed");
-        } else if (XMLSecurityConstants.Dig.equals(event.getAlgorithmUsage())
+        } else if (XMLSecurityConstants.EncDig.equals(event.getAlgorithmUsage())
             && encryptionProperties.getEncryptionDigestAlgo() != null
             && !encryptionProperties.getEncryptionDigestAlgo().equals(event.getAlgorithmURI()))
{
             throw new XMLSecurityException("empty", "The encryption digest algorithm "
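Review bot: The `EncDig` branch is still gated on `encryptionProperties.getEncryptionDigestAlgo() != null`, so when no digest algorithm is configured, whatever digest URI the inbound message names passes this method unchecked. If that opt-in behaviour is intended, state it at the branch, e.g. `// Enforced only when a digest algorithm is configured; otherwise the message's own choice is accepted`. The same null guard pattern applies to the signature checks in the second hunk. The enclosing method starts and ends outside this hunk, so any default restriction applied elsewhere is not visible here.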
@@ -251,18 +251,22 @@ public class XmlSecInInterceptor impleme
             && !sigProps.getSignatureAlgo().equals(event.getAlgorithmURI())) {
             throw new XMLSecurityException("empty", "The signature algorithm "
                                            + event.getAlgorithmURI() + " is not allowed");
-        } else if (XMLSecurityConstants.Dig.equals(event.getAlgorithmUsage())
+        } else if (XMLSecurityConstants.SigDig.equals(event.getAlgorithmUsage())
             && sigProps.getSignatureDigestAlgo() != null
             && !sigProps.getSignatureDigestAlgo().equals(event.getAlgorithmURI()))
{
             throw new XMLSecurityException("empty", "The signature digest algorithm "
                 + event.getAlgorithmURI() + " is not allowed");
-        } /*else if (XMLSecurityConstants.C14n.equals(event.getAlgorithmUsage())
+        } else if (XMLSecurityConstants.SigC14n.equals(event.getAlgorithmUsage())
             && sigProps.getSignatureC14Method() != null
             && !sigProps.getSignatureC14Method().equals(event.getAlgorithmURI()))
{
             throw new XMLSecurityException("empty", "The signature c14n algorithm "
                 + event.getAlgorithmURI() + " is not allowed");
-        }*/
-        // TODO Signature Digest Transform checking
+        } else if (XMLSecurityConstants.SigTransform.equals(event.getAlgorithmUsage())
+            && sigProps.getSignatureC14Transform() != null
+            && !sigProps.getSignatureC14Transform().equals(event.getAlgorithmURI()))
{
+            throw new XMLSecurityException("empty", "The signature transformation algorithm
"
+                + event.getAlgorithmURI() + " is not allowed");
+        }
     }
     
     private void checkSignatureTrust(
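Review bot: The new `SigTransform` branch compares every transform event against the single value from `sigProps.getSignatureC14Transform()`, which would reject legitimate signatures if the streaming layer raises one such event per `Transform` element of a Reference (not visible here, so this needs confirming). An enveloped signature normally lists `http://www.w3.org/2000/09/xmldsig#enveloped-signature` ahead of the canonicalization transform, and that URI can never equal a configured c14n value. If that is the case, exempt it in the condition, e.g. `&& !"http://www.w3.org/2000/09/xmldsig#enveloped-signature".equals(event.getAlgorithmURI())`. A test that verifies an enveloped signature with a transform configured would pin the behaviour down; the method begins outside the hunk.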


